From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830 Description of problem: When discussing loopback encryption with Arjan, he said that instead of having to use DES, I could use AES instead (since it is bundled with Red Hat Linux) - losetup does not recognize "aes" as an available encryption option. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. # losetup -e aes /dev/loop0 test.img Actual Results: Unsupported encryption type aes Expected Results: Should allow user to setup an aes encrypted loopback device. Additional info: $ rpm -q losetup losetup-2.11r-10
Further, I force injected the "cipher-aes" module: # modprobe cipher-aes # losetup -e aes /dev/loop0 /home/myohe/test.img Unsupported encryption type aes # losetup -e cipher-aes /dev/loop0 /home/myohe/test.img Unsupported encryption type cipher-aes # losetup -e AES /dev/loop0 /home/myohe/test.img Unsupported encryption type AES
I should finish my thoughts before hitting "submit.." # dmesg | grep cryptoapi cryptoapi: loaded cryptoapi: Registered aes-ecb (0) cryptoapi: Registered aes-cbc (65536) cryptoapi: Registered aes-cfb (131072) cryptoapi: Registered aes-ctr (262144) cryptoapi: Registered aes-rtc (524288) # losetup -e aes-rtc /dev/loop0 /home/myohe/test.img Unsupported encryption type aes-rtc # losetup -e aes-ecb /dev/loop0 /home/myohe/test.img Unsupported encryption type aes-ecb # losetup -e aes-cfb /dev/loop0 /home/myohe/test.img Unsupported encryption type aes-cfb # losetup -e aes-ctr /dev/loop0 /home/myohe/test.img Unsupported encryption type aes-ctr # losetup -e aes-cbc /dev/loop0 /home/myohe/test.img Unsupported encryption type aes-cbc
And while it's open (along the same lines); how come it only supports XOR which is slow and DES which doesn't work anyway: losetup -e des /dev/loop0 /file Password: Init (up to 16 hex digits): ioctl: LOOP_SET_STATUS: Invalid argument Lets take DES out as everyone agrees it is too weak and doesn't work anyway, and lets put at least one decent one in by default; AES, IDEA or something, and even better would be to be able to use loadable encryption modules.
The DES problem is related to Bug 56698 and includes a semi-howto on what to do to get encrypted filesystems to work under Red Hat Linux (albeit a non-packaged method). I filed Bug 78544 against the kernel - Arjan correctly informed me that the _kernel_ has loopback encryption support. However, the Red Hat Linux distribution itself _does not_ have the support. I will modify Bug 78544 accordingly to reference the distribution's lack of a method EVEN when the man pages (documentation) say otherwise.
Does this mean I can just get the src.rpm to losetup and util-linux packages and add to the .spec file the patches from http://www.kernel.org/pub/linux/kernel/crypto/v2.4/ and expect it to work? If I understand the problem correctly, and it is so, then I am happy to put together and updated src.rpm for rawhide and/or redhat update. Sam [Yes, and I meant XOR was fast, not slow]
Well.... I derived the patch for the util-linux package but it doesn't apply cleanly when combined with all the other redhat linux-util patches part of the .src.rpm And not knowing the purposes behind many of the applied patches I can't tell how far from a working crypto losetup we are; or if or how much still needs patching. So I'll have to leave it to the util-linux package maintainers to sort out what is still missing and fix it up.
*** This bug has been marked as a duplicate of 56698 ***